Development Security Engineer

Employer: Finastra
Domain:
  • IT Software
  • Job type: full-time
    Job level: 1 - 5 years of experience
    Location:
  • BUCHAREST
  • Updated at: 18.10.2018
    Short company description

    Formed in 2017 by the combination of Misys and D+H, we provide the broadest portfolio of financial services software in the world today—spanning retail banking, transaction banking, lending, capital markets and treasury.

    Our solutions enable customers to deploy mission critical technology on premises or in the cloud. With our scale and geographical reach we drive valued solutions and opportunity for customers regardless of size or geography. Through our open, secure, and reliable solutions, we empower customers to accelerate growth, optimize cost, mitigate risk and continually evolve to meet their changing needs.

    Requirements

    Required Experience:

    KNOWLEDGE AND SKILLS

    Knowledge of full stack engineering.
    Knowledge of Secure SDLC processes.
    Software development and/or QA background (knowledge of programming languages, SDK, API, SPI and application infrastructure/servers).
    Code security knowledge (including static and dynamic code scanning).
    Working knowledge of networking protocols and cryptography.
    Working knowledge of database technologies including directory services, relational databases, and no-SQL.
    EXPERIENCE

    2+ years of experience in application security penetration testing
    Experience with security testing tools (Burp suite, Appscan, WebInspector, SQLMAP, Kali, etc.)
    Experience with Software exploitation (penetration testing, reverse engineering).
    Experience with enterprise software and architecture.
    Experience with middleware and messaging.
    Experience with IDM, IAM, and AAA (SAML, OpenID, Oauth).
    Experience with Web service security (REST, WSDL).

    Responsibilities

    Responsibilities & Deliverables:

    Conduct full application security penetration testing across Finastra products and DevOps infrastructure.
    Work with the product engineering teams and provide industry best practice solutions to mitigate identified findings and ensure the fixes are properly addressed.
    Support the product engineering teams to identify false positives in code scanning reports and security testing reports
    Serve as the security SME for product engineering teams.
    Build, maintain and execute a strategy to secure Finastra’s customer facing products.
    Conduct and lead threat assessments and propose remedies.
    Develop security requirements and stories.
    Partner with the business to understand our clients’ security needs and the marketplace security standards.
    Lead conversations about security with prospective and current clients alongside the business and sales team.
    Develop security material (brochures, white-papers) for consumption by customers showcasing the security of Finastra products.